A creepy activity monitoring app called Teensafe leaked data from tens of thousands of accounts after a failed attempt to secure its servers. ZDNet found that the app, which enables parents to remotely spy on their kids’ online activities, failed to use encryption on two of its Amazon cloud servers.
As a result, anyone who happened to access the servers gained access to tens of thousands of accounts and passwords, with no master password needed.
The compromised servers were first spotted by cybersecurity expert Robert Wiggins. He found that the e-mail addresses parents submitted to Teensafe, along with their teens’ Apple ID accounts, were compromised in the process. The passwords to the teens’ accounts were also visible in the cloud, with no hashing or encryption.
The servers also displayed the teens’ device names and identifiers for everyone to see. No messages or photos were compromised. Ironically, Teensafe needs two-factor authentication to be turned off on the monitored devices.
Teensafe Made Teens’ Devices Less Safe
The compromised servers included all the info a hacker would have needed to take over the kids’ devices. What’s more, the app made the devices even more vulnerable by asking users to turn off two-factor authentication, leaving the exposed Apple ID and password as the only barrier to the account.
Around 10,000 records were leaked in the incident, although some of them were duplicates. The second server stored test data. Teensafe shut down both servers shortly after the leak was exposed.
“We have taken action to close one of our servers to the public and begun alerting customers that could potentially be impacted,” a spokesperson for the company said.
As it is, Teensafe is an extremely controversial monitoring app. It gives parents access to too much data and control, while suggesting that monitoring their kids without telling them is not borderline illegal.
The app has Android and iOS support.